[SECURITY COUNCIL] rsETH DeFi incident and ETHx going forward

Governance
1

Background

On 18th April 2026, a DeFi-wide liquidity event occurred following an exploit involving rsETH. As a result, Aave paused WETH markets on Ethereum Mainnet and L2-s, which subsequently impacted Superfluid’s ETHx on ETH Mainnet, Base, and Arbitrum One due to a recent yield backend configuration related to [SIP #9].

While the Aave market unfroze its ETH Mainnet within a week, the Base and Arbitrum markets remain frozen and uncertain to this day (11th May 2026).

During this period, affected ETHx upgrade/downgrade paths remain unfixed, as this was a known design choice during the audit. Without risking adding more fuel to the fire, the Security Council placed full confidence in Aave and DeFi as a whole to resolve it. It certainly tested everyone’s patience and exceeded my estimation of how long it would take for the market to fully reopen. Nonetheless, on 11th May 2026, we are pleased to announce that the Base and Arbitrum markets are fully back, and the ETHx are also back to normal.

Instead of repeating the full history in this thread, I attach the relevant Aave forum posts for whoever wishes to relive this saga:

Going forward, I wish the DAO to vote on the ETHx yield-back continuation in its current form.

Vote Proposal

Knowing it is a design choice of the current code base, where ETHx, or USDCx for the same reason, may be frozen again should the underlying Aave or Spark markets experience a similar liquidity event, a DAO vote on the current form of the yield-back implementation is warranted.

There will be two separate DAO votes:

  • A simple YES or NO on whether we should continue the yield backend on ETHx, with its current code, across all networks.
  • A simple YES or NO on whether we should continue the yield backend on USDCx, with its current code, across all networks.

Note that such a design choice applies to all networks, hence no discrimination; however, ETH and USDC may have different liquidity backing, hence separate voting for ETHx and USDCx.

If the DAO votes NO, the security council shall disable all yield backends on the relevant assets across all networks, and the DAO will also stop receiving yield accrued from the underlying assets.

If DAO votes YES, no action will be required.

Note that this proposal does not address whether we should further develop the codebase to work around the design choice. This can be left to a future proposal and work.

Call-to-action

Please discuss here, and the votes will be live after at least a week time.

5 Likes
2

Given the current DeFi landscape, we recommend not continuing with the yield backend from a more conservative standpoint.

In SIP-9, the rationale for deploying ETHx, USDCx, and similar assets to earn yield was not only the potential to generate revenue for the DAO, but also the perceived reliability of the contracts used to put those assets to work.

Over the past few months, the number of security incidents (such as Kelp’s) has surged. DeFi security is not in its strongest phase, and yields are extremely low on the other hand.

We believe the risk/reward of keeping funds on Aave or Spark does not justify it for the DAO: if those positions were compromised in some way, the consequences for the project could be severe.

3 Likes
3

:megaphone: Voting is live on Snapshot for 2 Constitutional proposals:

  • SIP #15: ETHx yield backend continuation :backhand_index_pointing_right: HERE :backhand_index_pointing_left:
  • SIP #16: USDCx yield backend continuation :backhand_index_pointing_right: HERE :backhand_index_pointing_left: